Re: Directory permissions (keep root out)

From: DarkSamurai (Xploited_at_segfault.localhost)
Date: 01/23/04


Date: Fri, 23 Jan 2004 14:46:40 GMT

D. Hampton Finger wrote:
> Greetings all,
> I work for a research entity which has some software that is not
> for export outside the U.S.A. We have to utilize it on an academic
> computer system which will be administrated by a non-US citizen, i.e.
> breaking the "not for export" part of the license agreement.
>
> How can I set up a directory so that root can't gain access to it? This
> is general UNIX, it is true, but the system in question is Red Hat Linux,
> and could have some unknown-to-me tool to do this. We have a small
> group who will be running this code and they will have need to use it.
> If root can get to it, we lose the farm.
>
> We have thought about NFS mounting a directory from a more secure host
> and then instantiating "root-squash", but that still doesn't preclude
> using su to get in as one of the authorized users. Is there a group
> authenticator we could utilize that would make access to the directory
> dependent on not just a user name but a password?
>
> Suggestions?
>
> Thank you in advance,
>
> Hampton
>

http://www.ecf.toronto.edu/plan9/plan9faq.html

-- 
DarkSamurai
Homepage: http://tinyurl.com/yrqtl

